CVE-2024-9464

Critical · RCE

Published: 09 October 2024

Modified: 17 October 2024
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber)
EPSS Score: 0.8531 (99.4th percentile)
Risk Priority: 70 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9464 is a critical-severity OS Command Injection (CWE-78) vulnerability in Palo Alto Networks Expedition. Its CVSS base score is 9.3 (Critical).

Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-9464 is an OS command injection vulnerability, tracked as CWE-78, that affects Palo Alto Networks Expedition. It received a CVSS 4.0 score of 9.3 and was published on 2024-10-09. The flaw permits execution of arbitrary operating system commands with root privileges on the Expedition host.

An authenticated attacker with network access can exploit the issue without user interaction to run commands as root. This grants access to usernames, cleartext passwords, PAN-OS device configurations, and device API keys stored or managed by Expedition.

Palo Alto Networks has published an advisory at https://security.paloaltonetworks.com/PAN-SA-2024-0010 that addresses the vulnerability, while additional technical analysis appears at https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/. The current EPSS score stands at 0.8531 with a recorded peak of 0.8773.

Vulnerability details

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

CWE(s)

CWE-78 (OS Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: paloaltonetworks
Product: expedition
Affected versions: 1.2.0 — 1.2.96

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References